diff --git a/plist b/plist
index c2a84b6a3..975577bc3 100644
--- a/plist
+++ b/plist
@@ -36,8 +36,6 @@
 /usr/local/etc/inc/notices.smtp.inc
 /usr/local/etc/inc/plugins.inc
 /usr/local/etc/inc/plugins.inc.d/dnsmasq.inc
-/usr/local/etc/inc/plugins.inc.d/if_group.inc
-/usr/local/etc/inc/plugins.inc.d/if_legacy_opt.inc
 /usr/local/etc/inc/plugins.inc.d/ipfw.inc
 /usr/local/etc/inc/plugins.inc.d/ipsec.inc
 /usr/local/etc/inc/plugins.inc.d/ipsec/auth-user.php
diff --git a/src/etc/inc/plugins.inc.d/if_group.inc b/src/etc/inc/plugins.inc.d/if_group.inc
deleted file mode 100644
index 5e8ec2d1b..000000000
--- a/src/etc/inc/plugins.inc.d/if_group.inc
+++ /dev/null
@@ -1,49 +0,0 @@
- true);
- $oc['networks'] = array();
- $oc['if'] = $ifgen['ifname'];
- $oc['descr'] = $ifgen['ifname'];
- $oc['virtual'] = true;
- $oc['type'] = 'group';
- $interfaces[$ifgen['ifname']] = $oc;
- }
- }
-
- return $interfaces;
-}
diff --git a/src/etc/inc/plugins.inc.d/if_legacy_opt.inc b/src/etc/inc/plugins.inc.d/if_legacy_opt.inc
deleted file mode 100644
index 2a1b4862a..000000000
--- a/src/etc/inc/plugins.inc.d/if_legacy_opt.inc
+++ /dev/null
@@ -1,84 +0,0 @@
- "pass", "log" => !isset($config['syslog']['nologdefaultpass']));
-
- /*
- * pass traffic between statically routed subnets and the subnet on the
- * interface in question to avoid problems with complicated routing
- * topologies
- */
- if (isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
- $FilterIflist = filter_generate_optcfg_array();
- filter_generate_gateways(); // loads global $GatewaysList
-
- foreach (get_staticroutes() as $route) {
- $friendly = $GatewaysList[$route['gateway']]['friendlyiface'];
- if (is_array($FilterIflist[$friendly])) {
- $oc = $FilterIflist[$friendly];
- $routeent = explode("/", $route['network']);
- if (is_ipaddrv4($routeent[0]) && is_ipaddrv4($oc['ip'])) {
- $sa = $oc['sa'];
- $sn = $oc['sn'];
- } elseif (is_ipaddrv6($routeent[0]) && is_ipaddrv6($oc['ipv6'])) {
- $sa = $oc['sav6'];
- $sn = $oc['snv6'];
- } else {
- continue;
- }
-
- $networks = array();
- $networks[] = array('from' => "{$sa}/{$sn}", 'to' => $route['network']);
- $networks[] = array('to' => "{$sa}/{$sn}", 'from' => $route['network']);
- foreach ($networks as $network) {
- $fw->registerFilterRule(10,
- array('interface' => $friendly, 'statetype' => 'sloppy',
- 'protocol' => 'tcp','flags' => 'any', 'from' => $network['from'],
- 'to' => $network['to'], 'quick' => false,
- 'label' => "pass traffic between statically routed subnets"),
- $defaults['pass']
- );
- $fw->registerFilterRule(10,
- array('interface' => $friendly, 'statetype' => 'sloppy',
- 'from' => $network['from'],'to' => $network['to'], 'quick' => false,
- 'label' => "pass traffic between statically routed subnets"),
- $defaults['pass']
- );
- }
- }
- }
- }
-}
diff --git a/src/etc/inc/plugins.inc.d/pf.inc b/src/etc/inc/plugins.inc.d/pf.inc
index b4e41a0aa..1394ed7d9 100644
--- a/src/etc/inc/plugins.inc.d/pf.inc
+++ b/src/etc/inc/plugins.inc.d/pf.inc
@@ -1,6 +1,7 @@
 All rights reserved.
@@ -47,3 +48,82 @@ function pf_services()
 return $services;
 }
+
+function pf_interfaces()
+{
+ global $config;
+
+ $interfaces = array();
+
+ /* add interface groups */
+ if (isset($config['ifgroups']['ifgroupentry'])) {
+ foreach($config['ifgroups']['ifgroupentry'] as $ifgen) {
+ $oc = array("enable" => true);
+ $oc['networks'] = array();
+ $oc['if'] = $ifgen['ifname'];
+ $oc['descr'] = $ifgen['ifname'];
+ $oc['virtual'] = true;
+ $oc['type'] = 'group';
+ $interfaces[$ifgen['ifname']] = $oc;
+ }
+ }
+
+ return $interfaces;
+}
+
+/**
+ * options we should probably remove from the system at some point, lets make them plugabble before removal
+ */
+function pf_firewall($fw)
+{
+ global $config, $GatewaysList;
+
+ $defaults = array();
+ $defaults['pass'] = array("type" => "pass", "log" => !isset($config['syslog']['nologdefaultpass']));
+
+ /*
+ * pass traffic between statically routed subnets and the subnet on the
+ * interface in question to avoid problems with complicated routing
+ * topologies
+ */
+ if (isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ $FilterIflist = filter_generate_optcfg_array();
+ filter_generate_gateways(); // loads global $GatewaysList
+
+ foreach (get_staticroutes() as $route) {
+ $friendly = $GatewaysList[$route['gateway']]['friendlyiface'];
+ if (is_array($FilterIflist[$friendly])) {
+ $oc = $FilterIflist[$friendly];
+ $routeent = explode("/", $route['network']);
+ if (is_ipaddrv4($routeent[0]) && is_ipaddrv4($oc['ip'])) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ } elseif (is_ipaddrv6($routeent[0]) && is_ipaddrv6($oc['ipv6'])) {
+ $sa = $oc['sav6'];
+ $sn = $oc['snv6'];
+ } else {
+ continue;
+ }
+
+ $networks = array();
+ $networks[] = array('from' => "{$sa}/{$sn}", 'to' => $route['network']);
+ $networks[] = array('to' => "{$sa}/{$sn}", 'from' => $route['network']);
+ foreach ($networks as $network) {
+ $fw->registerFilterRule(10,
+ array('interface' => $friendly, 'statetype' => 'sloppy',
+ 'protocol' => 'tcp','flags' => 'any', 'from' => $network['from'],
+ 'to' => $network['to'], 'quick' => false,
+ 'label' => "pass traffic between statically routed subnets"),
+ $defaults['pass']
+ );
+ $fw->registerFilterRule(10,
+ array('interface' => $friendly, 'statetype' => 'sloppy',
+ 'from' => $network['from'],'to' => $network['to'], 'quick' => false,
+ 'label' => "pass traffic between statically routed subnets"),
+ $defaults['pass']
+ );
+ }
+ }
+ }
+ }
+}
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
index 125a106e2..129bea389 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
@@ -120,9 +120,6 @@
-
-
-
@@ -166,6 +163,9 @@
+
+
+
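Review bot: The docblock on `pf_firewall()` in src/etc/inc/plugins.inc.d/pf.inc (the `@@ -47,3 +48,82 @@` hunk) says only that the option should probably be removed, and does not describe what the function registers. With `$config['filter']['bypassstaticroutes']` set it adds non-quick pass rules with `'statetype' => 'sloppy'` in both directions between the interface subnet and each statically routed network, the second rule without a protocol restriction. pf's sloppy tracker does not check TCP sequence numbers, so I would extend the docblock to state the enabling config key, the sloppy-state pass rules, and that logging follows `nologdefaultpass`; the `plugabble` typo could become `pluggable` in the same edit. Separately, `$GatewaysList[$route['gateway']]['friendlyiface']` and `$FilterIflist[$friendly]` are read without an existence check, so a route whose gateway is missing from the list appears to be skipped only through undefined-key behaviour. A guard such as `if (empty($GatewaysList[$route['gateway']]['friendlyiface'])) { continue; }` and `if (isset($FilterIflist[$friendly]) && is_array($FilterIflist[$friendly])) {` would make that explicit.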